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What is claimed is: 




A method of managing risk witn the aid of a computer system, said method 



comprising: 
a. 



identifying a set of risk dements, said risk elements being stored in a 



database coupled to saic 
identifying one or more 



c. 
d. 



computer; 

control procedures associated with each said 



risk element, said control procedures being stored in said database; 
assigning a weight to eaph said control procedure; 
determining a compliance rating for each said control procedure; and 
calculating a compliance score, said compliance score being a func- 
tion of said assigned weights and said compliance rating of said 
control procedures. 1 
1W method of claim 1, wmerein said compliance ratings comprise at least one 
rating/identifying a non-fully compliant control procedure, said method further 
^CG&prising the steps of: 

a. for each said control procedure having a non-fully compliant rating, 
receiving a signa indicating whether said non-fully compliant rating 
is accepted or not accepted; and 
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b. for each said non-fully compliant control procedure whion is indicated 
as not accepted, generating an action plan. / 

3. The method of claim 2 wherein said action plan included target date, said 
method further comprising the step of calculating an expected compliance score for 
one or more future dates based on said action plan target dates. 

4. The method of claim 3 further comprising the step of tracking whether said 
expected compliance scores have been met, said/tracking including calculating actual 
compliance scores for said target dates. / 

5. The method of claim 4 further comprising the step of displaying said ex- 
pected compliance scores versus said ^ctual compliance for said target dates. 

6. The method of claim 1 further comprising the step of associating one or more 
parameters with each said compliance rating. 

7. The method of claiir/6 wherein said one or more parameters are selected 
from the group comprising organization, business line, process, and region. 

8. The method oi claim 6 further comprising the step of sorting said compliance 
scores by said one/or more parameters. 

9. The method of claim 8 further comprising the step of displaying said sorted 
compliance/scores. 



21 



Patent Appln. JPM 001 
A method of managing risk with t le aid of a computer system, said method 



comprising: 



e. 



f. 



g- 



assigning a weight to each 



identifying a set of risk ele nents, said risk elements being stored in a 
database coupled to said cc mputer; 

identifying one or more suorisk elements associated with each said 
risk element, each said sub isk element being stored in said database; 
identifying one or more control procedures associated with each said 
subrisk element, said contr )1 procedures being stored in said database; 

said control procedure; 
determining a compliance gating for each said control procedure, said 
compliance ratings including a plurality of categories including at 
least one category indicatir g said control procedure is not fully 
compliant; 

calculating a compliance sdore, said compliance score being a func- 
tion of said assigned weights and said compliance rating of said 
control procedures; 

for each said subrisk, determining whether at least one control proce- 
dures associated with said subrisk is not fully compliant; 
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for each said subrisk asso :iated with at least one control procedure 
which is not fully compliant, receiving a signal indicating whether 
said subrisk should be accepted or not accepted; and 
for each said subrisk which us indicated as not accepted, generating an 
action plan. 

e method of claim 10/wherein said action plan further includes a target 
, said method further comprising the step of calculating a future compliance 
score based on said action ppn target dates. 

12. The method of claim 10 further comprising the step of associating one or 
more parameters with each said compliance rating. 

13. The method of claim 12 further comprising the step of sorting said compli- 
ance ratings and disp/aying said sorted ratings. 

A method of forecasting risk w|th the aid of a computer system, said method 
comprising: 

a. identifying a set of risk dements, said risk elements being stored in a 
database coupled to said computer; 

b. identifying one or more cfcntrol procedures associated with each said 
risk element, said control procedures being stored in said database; 

c. assigning a weight to eacq said control procedure; 
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determining a compliance rating for each said control procedure, said 

from a set of ratings including at least one 

ly compliant control procedure and at least 

compliant control procedures; 



compliance ratings chosen 
rating identifying a non-fu 
one rating identifying full> 



for each said control procedure having a non- fully compliant rating, 



generating an action plan, 
at least one action listed ti 



expected compliance score 
said fully compliant contro 



said action plan including a target date for 
erein: and 



calculating an expected compliance score for a future date, said 



being a function of said assigned weights, 
procedures, and said action plan target 
dates for said non-fully compliant control procedures. 
The method of claim 14/wherein said action plan comprises a signal indicat- 
g whether said non-fully compliant rating is accepted or not accepted, said ex- 
pected compliance score further being a function of said non-fully compliant ratings 
which have been accepted. 

A data processing system for managing risk, said system comprising: 

a. a database; 

b. a processor coupled to said database, said processor being pro- 
grammed to perform the steps comprising: 
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receiving a first signal identifying a set of risk elements, said 

risk elements beiyig stored in said database; 



ii. receive a second 
dures associated 



signal identifying one or more control proce- 
with each said risk element, said control 
procedures beini stored in said database; 

iii. receive a third signal assigning a weight to each said control 
procedure, said/weight being stored in said database; 

iv. receive a fourth signal identifying a compliance rating for each 
said control procedure; and 

v. calculate a compliance score, said compliance score being a 
function of said assigned weights and said compliance rating 
of said control procedures. 

17. The data processing system of claim 16, wherein said compliance ratings 
comprise at least one rating identifying a non- fully compliant control procedure, said 
processor being further programmed to perform the steps comprising: 

a. for each said control procedure having a non-fully compliant rating, 

receiving a signal indicating whether said non-fully compliant rating 

is accepted or mot accepted; 
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b. for each said non- fully compliant control procedure whjen is indicated 

as not accepted, receiving an action plan, said acjrmi plan including an 
expected target date for implementation prfa an expected compliance 
rating; and 

c. generating one or more futafe expected compliance scores, said 
compliance scores being a function of said target dates, said assigned 
weights and^aki expected compliance rating of said control proce- 
dures. 

18. The dat^processing system of claim 16 further comprising a computer 
display cpilpled to said processor, said processor further being programmed to 
display said compliance scores on said computer display. 



26 



